Because PKI digital signatures are standards based, electronic records can actually be retained for decades.
Digital signatures have finally hit the mainstream in clinical research at a time when fuel prices resemble roller coasters, priority mailing costs are skyrocketing, and companies are emphasizing security and sustainability of IP as a top priority. Talk about good timing!
PhotoGraphy: Getty Images Illustration: Paul A. Belci
Eleven years after the first FDA 21CFR Part 11 Electronic Signature/Record final rule and subsequent guidance, and more than three decades after the eventual founders of RSA introduced the concept of Public Key Infrastructure (PKI)-based digital signatures, pharmaceutical and biotech organizations are now reaping the benefits of this technology in the clinical trials space.
With newer approaches and technologies available for digital signature implementations, even small to medium sized biopharmaceutical, medical device, and clinical organizations can afford to set up, use, and maintain what was once costly and complex.
From an investment perspective, the cost of digital signature products is as much as 90% lower today than similar technologies were only five years ago. These new solutions are designed to support existing technical infrastructure, policies, and procedures, resulting in minimal disruption during deployment.
With these advances, it is quite common for digital signature deployments to be put into practice in a matter of days, even hours. Due to improved product packaging and implementation strategies provided by vendors, digital signatures now require only minimal validation to further streamline the process.
Digital signatures have been broadly deployed in thousands of Good Quality Practice (GxP) regulated applications, but Good Clinical Practice (GCP) operations seem to be at the forefront of adopting digital signatures for clinical documentation management and exchange.
CROs, in particular, are benefiting from digitally signing site documents such as monitoring trip reports and other documents where speed is of the essence for submission to study sponsors. Previously, the only solution for paper-based records was to use priority mail to expedite delivery. Today, self-contained portable and sustainable electronic records are signed and secured enabling trial sponsors, CROs, investigators, IRBs, and regulators to approve, exchange, and trust records over long retention periods.
Organizations hosting applications, such as a shared Clinical Trial Management System (CTMS) for diverse clinical ecosystems, are also quickly adopting digital signatures. One CRO currently hosts a CTMS for 6000 external collaboration partners—investigators, IRBs, and sponsors—to access and sign regulatory documents for ongoing studies. Other Application Service Providers (ASP) host a CTMS as a paid service, enabling clients to leverage digital signatures for secure clinical documents exchange.
One of the more important uses of digital signatures by organizations deals with SOPs and controlled documents that may be called into evidence to support an audit.
Benefits of Digital Signatures
Historically, the creation of electronic source documents had been achieved through the use of electronic document management (EDM) systems. This approach creates electronic records that become proprietary in nature and exclusively tied to the database and repository of the EDM system vendor. This means that source documents cannot be extracted from the system and exchanged and trusted externally, locking organizations into never-ending legacy systems to support. Subsequently, this approach fails to facilitate another emerging trend: electronic submissions to regulatory authorities.
Electronic records created using digital signatures can be verified for the signer's identity and intent, and provide proof of data integrity independent of the system that was used to create them.
Because both PDF (ISO standard 19005-1 PDF/A archive) and PKI digital signatures (standards governed by U.S. and EU governments and independent bodies) are standards based, electronic records can be retained for decades. Organizations can have full confidence that the documents will be both human readable and verifiable, even if the vendor or organization that created the digitally signed PDFs is no longer in business.
Since digital signatures can also be used to sign and secure data as well as documents, it is important to note that the Clinical Data Interchange Standards Consortium (CDISC) has also announced support for digital signatures to support interoperability and trust of data exchanges between research and health care systems.
Furthermore, with today's workflows and approvals often spanning across organizations (and EDM technologies), the only way to create signed electronic source documents is with digital signatures.
The benefits of digital signatures go well beyond 21CFR Part 11 compliance. Digital signatures enable life science organizations to eliminate the tremendous costs and time of securing approvals, and to exchange and maintain source electronic records throughout their life cycle.
Industry averages place the human and hard costs of creating and maintaining a signed document throughout its life cycle at a minimum of $10 to $20 per document. The cost of missing or incomplete documentation can be substantially higher. The missed opportunity cost is even greater: What is the cost of not being able to substantiate source and accuracy of clinical data for a new product application, or research data called into evidence for a patent application or defense?
The benefits of paperless digital signatures are measurable and quantifiable:
Speeding up clinical workflows at a reduced cost accelerates the initiation, execution, and completion of clinical trials for sponsors. Documentation is often a major bottleneck in these processes. Digital signatures can translate into on-time or even early submission of applications to regulators for product approvals and commercialization.
Expanding enrollment and geographical coverage of clinical studies, combined with the need to contain costs, and increasing pressure from patients, doctors, and investors of new products all contribute to the mission critical role of digital signatures in clinical development strategies today and in the future.
There are many considerations when planning a digital signature deployment, not the least of which involves selecting a technology. Some of the requirements to consider for best addressing your organization's needs include:
Track record. What is the suppliers experience in the life sciences (FDA and HIPAA regulated industries), specifically with 21CFR Part 11 compliance and computer system validation?
Installations and support systems. Ask the supplier to describe the steps and work involved in going into production. Make sure the supplier is providing a complete solution and identify all third-party products that make for a total solution.
Innovative solutions. How is the system administered and maintained? What innovations do the vendor and the technology provide that eliminate the painful support costs associated with smart card-based digital signature deployments of yesteryear?
Credentials and interoperability. Determine how users are credentialed and managed. Does the system support integration with Microsoft Active Directory and other LDAP structures for automatic user key generation, management, and revocation?
Compliance with regulations. Does the technology comply with regulations and legal requirements, such as 21CFR Part 11, U.S. and EU Electronic Signature Laws, NIST FIPS certification, and SAFE-BioPharma standards?
Signing requirements. Determine that the technology supports all of your signing requirements, including multiple signing of PDFs using native Adobe support, Microsoft Office applications of all versions, and easy integration with business systems such as Document Management and Workflow, CTMS, LIMS, etc.
Full verification provided. Ask the potential suppliers to forward you signed documents such as PDFs to determine that full verification of the signer's identity, intent, and data integrity is provided without any proprietary software or access to the system that created the electronic record.
Total cost. Evaluate the Total Cost of Ownership (TCO) of the systems being considered. Older digital signature solutions are based on complex PKI-leveraging, third party-supplied digital certificate and smart cards that are expensive and difficult to deploy and support.
New approaches to digital signature deployments in the past five years have made the technology simple and affordable, resulting in tremendous value for clinical organizations. Leading CROs, sponsors, and clinical service providers rely on digital signatures to provide tangible and immediate results in terms of reduced time and costs in the generation of nonproprietary source electronic records that are human readable, secure, and verifiable over extended retention periods.
Rodd Schlerf is life sciences manager for ARX (Algorithmic Research) North America, 855 Folsom Street, Suite 939, San Francisco, CA 94017, email: email@example.com
D. Brink, J. Stapelton, P. Lareau, PKI Forum White Paper, August 2002 .